------------------------------------------------------------------------
The Debian Project http://www.debian.org/
Debian GNU/Linux 3.1 updated
February 18th, 2007 http://www.debian.org/News/2007/20070218
------------------------------------------------------------------------
Debian GNU/Linux 3.1 updated
The Debian project has updated the stable distribution Debian GNU/Linux
3.1 (codename `sarge'). This update mainly adds security updates to the
stable release, along with a few corrections to serious problems. Those
who frequently update from security.debian.org won't have to update many
packages and most updates from security.debian.org are included in this
update.
Please note that this update does not constitute a new version of Debian
GNU/Linux 3.1 but only updates some of the packages included. There is
no need to throw away 3.1 CDs. Instead you only need to update against
ftp.debian.org or a mirror after an installation, in order to incorporate
those changes. New CD and DVD images are being built right now and will
be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the
`apt' package tool (see the sources.list(5) manual page) to one of
Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is
available at:
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages.
Package Reason
exim Update description to reflect upgrade problems
glibc Update timezone data
openvpn Fix restart of openvpn in init script
pinball Get architectures back in sync
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates.
Advisory ID Package(s) Correktion(s)
DSA 996 libcrypt-cbc-perl Cryptographic weakness
DSA 1193 XFree86 Several vulnerabilities
DSA 1196 clamav Arbitrary code execution
DSA 1197 python2.4 Arbitrary code execution
DSA 1198 python-2.3 Arbitrary code execution
DSA 1199 webmin Input validation problems
DSA 1200 qt-x11-free Denial of service
DSA 1201 ethereal Denial of service
DSA 1202 screen Arbitrary code execution
DSA 1203 libpam-ldap Access control bypass
DSA 1204 ingo1 Arbitrary shell command execution
DSA 1205 thttpd Insecure temporary file creation
DSA 1206 php4 Several vulnerabilities
DSA 1207 phpmyadmin Several vulnerabilities
DSA 1208 bugzilla Several vulnerabilities
DSA 1209 trac Cross-site request forgery
DSA 1210 mozilla-firefox Several vulnerabilities
DSA 1211 pdns Arbitrary code execution
DSA 1212 openssh Denial of service
DSA 1213 imagemagick Several vulnerabilities
DSA 1214 gv Arbitrary code execution
DSA 1215 xine-lib Execution of arbitrary code
DSA 1216 flexbackup Denial of service
DSA 1217 linux-ftpd Access control bypass
DSA 1218 proftpd Denial of service
DSA 1219 texinfo Multiple vulnerabilities
DSA 1220 pstotext Arbitrary shell command execution
DSA 1221 libgsf Arbitrary code execution
DSA 1222 proftpd Several vulnerabilities
DSA 1223 tar Arbitrary file overwrite
DSA 1224 mozilla Several vulnerabilities
DSA 1225 mozilla-firefox Several vulnerabilities
DSA 1226 links Arbitrary shell command execution
DSA 1227 mozilla-thunderbird Several vulnerabilities
DSA 1228 elinks Arbitrary shell command execution
DSA 1229 asterisk Arbitrary code execution
DSA 1230 l2tpns Buffer overflow
DSA 1231 gnupg Arbitrary code execution
DSA 1232 clamav Denial of service
DSA 1233 kernel-source-2.6.8 Several vulnerabilities
DSA 1234 ruby1.6 Denial of service
DSA 1235 ruby1.8 Denial of service
DSA 1236 enemies-of-carlotta Missing sanity checks
DSA 1237 kernel-source-2.4.27 Several vulnerabilities
DSA 1238 clamav Several vulnerabilities
DSA 1239 sql-ledger Arbitrary code execution
DSA 1241 squirrelmail Cross-site scripting
DSA 1242 elog Arbitrary code execution
DSA 1243 evince Arbitrary code execution
DSA 1244 xine-lib Arbitrary code execution
DSA 1245 proftpd Denial of service
DSA 1246 openoffice.org Arbitrary code execution
DSA 1247 libapache-mod-auth-kerb Remote denial of service
DSA 1248 libsoup Denial of service
DSA 1249 xfree86 Privilege escalation
DSA 1250 cacti Arbitrary code execution
DSA 1251 netrik Arbitary shell command execution
DSA 1252 vlc Arbitrary code execution
DSA 1253 mozilla-firefox Several vulnerabilities
DSA 1254 bind9 Denial of service
DSA 1255 libgtop2 Arbitrary code execution
DSA 1256 gtk+2.0 Denial of service
DSA 1257 samba Several vulnerabilities
DSA 1258 mozilla-thunderbird Several vulnerabilities
DSA 1259 fetchmail Information disclosure
DSA 1260 imagemagick Arbitrary code execution
DSA 1261 postgresql Several vulnerabilities
The complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:
URLs
----
The complete lists of packages that have changed with this revision:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, errata etc.):
Security announcements and information:
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free operating systems Debian GNU/Linux.
Contact Information
-------------------
For further information, please visit the Debian web pages at
, send mail to , or
contact the stable release team at .
--
Bookmark/Search this post with:
Militantly FREE software support.
Debian GNU/Linux 3.1 updated
------------------------------------------------------------------------
The Debian Project http://www.debian.org/
Debian GNU/Linux 3.1 updated
April 7th, 2007 http://www.debian.org/News/2007/20070407
------------------------------------------------------------------------
Debian GNU/Linux 3.1 updated
The Debian project has updated the stable distribution Debian GNU/Linux
3.1 (codename `sarge'). This update mainly adds security updates to the
stable release, along with a few corrections to serious problems. Those
who frequently update from security.debian.org won't have to update many
packages and most updates from security.debian.org are included in this
update.
In preparation for the upcoming release of Debian GNU/Linux 4.0
(codename `etch'), Debian GNU/Linux 3.1 will be moved to the `oldstable'
part of the archive. Users who would like to continue using Debian
GNU/Linux 3.1 are advised to update their /etc/apt/sources.list network
sources to refer to `sarge' instead of `stable'.
Please note that this update does not constitute a new version of Debian
GNU/Linux 3.1 but only updates some of the packages included. There is
no need to throw away 3.1 CDs. Instead you only need to update against
ftp.debian.org or a mirror after an installation, in order to
incorporate those changes. New CD and DVD images will be delayed until
after the release of `etch' and will be available at the regular
locations.
Upgrading to this revision online is usually done by pointing the
`apt' package tool (see the sources.list(5) manual page) to one of
Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is
available at:
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages.
Package Reason
base-installer Fix for kernel ABI bump (fix regression from 3.1r5)
glibc Get architectures back in sync
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates.
Advisory ID Package(s) Correction(s)
DSA 1240 links2 Arbitrary shell command execution
DSA 1262 gnomemeeting Arbitrary code execution
DSA 1263 clamav Denial of service
DSA 1264 php4 Several vulnerabilities
DSA 1265 mozilla Several vulnerabilities
DSA 1266 gnupg Signature forgery
DSA 1267 webcalendar Remote file inclusion
DSA 1268 libwpd Arbitrary code execution
DSA 1269 lookup-el Insecure temporary file
DSA 1270 openoffice.org Several vulnerabilities
DSA 1271 openafs Remote privilege escalation
DSA 1272 tcpdump Denial of service
DSA 1273 nas Multiple remote vulnerabilities
DSA 1274 file Arbitrary code execution
DSA 1275 zope2.7 Cross-site scripting flaw
DSA 1276 krb5 Several vulnerabilities
DSA 1277 xmms Arbitrary code execution
DSA 1278 man-db Arbitrary code execution
The complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:
URLs
----
The complete lists of packages that have changed with this revision:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, errata etc.):
Security announcements and information:
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free operating systems Debian GNU/Linux.
Contact Information
-------------------
For further information, please visit the Debian web pages at
, send mail to , or
contact the stable release team at .
--
Debian GNU/Linux 3.1 updated
------------------------------------------------------------------------
The Debian Project http://www.debian.org/
Debian GNU/Linux 3.1 updated
December 27th, 2007 http://www.debian.org/News/2007/20071228
------------------------------------------------------------------------
Debian GNU/Linux 3.1 updated
The Debian project is pleased to announce the seventh update of its
old stable distribution Debian GNU/Linux 3.1 (codename `sarge'). This
is the first time we update the old stable distribution during the
lifetime of the stable distribution. This update mainly adds
corrections for security problems to the oldstable release, along with
a few adjustments to serious problems.
Please note that this update does not constitute a new version of Debian
GNU/Linux 3.1 but only updates some of the packages included. There is
no need to throw away 3.1 CDs or DVDs but only to update against
ftp.debian.org after an installation, in order to incorporate those late
changes.
Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.
New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively
will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the
`aptitude' (or `apt') package tool (see the sources.list(5) manual
page) to one of Debian's many FTP or HTTP mirrors. A comprehensive
list of mirrors is available at:
Debian-Installer Update
-----------------------
With this release the installation system for sarge gains full support for
installing `oldstable' from network mirrors. This includes base-config.
The installer also uses and supports the updated kernels included in this
revision. This causes old netboot and floppy images to stop working,
updated versions are available from the regular locations.
Other changes are a final fix to prevent leakage of sensitive data through
saved log files and a minor fix in the partman-jfs component.
Miscellaneous Bugfixes
----------------------
This update adds several binary-only updates for various architectures
to packages whose version was not synchronised across all architectures.
It also adds a few important corrections to the following packages:
Package Reason
adesklets Bring architectures back in sync
agenda.app Bring architectures back in sync
antlr Bring architectures back in sync
apache2 Fix several minor vulnerabilities
asterisk-spandsp-plugins Bring architectures back in sync
atomix Bring architectures back in sync
bazaar Bring architectures back in sync
camediaplay Bring architectures back in sync
commons-daemon Bring architectures back in sync
debtags-edit Bring architectures back in sync
fai-kernels Rebuild against latest kernel update
fet Bring architectures back in sync
freepops Bring architectures back in sync
gaim-encryption Bring architectures back in sync
gff2aplot Bring architectures back in sync
gnuradio-core Bring architectures back in sync
gr-audio-oss Bring architectures back in sync
iroffer Bring architectures back in sync
joystick Bring architectures back in sync
k3d Bring architectures back in sync
kdissert Bring architectures back in sync
kernel-latest-2.6-alpha Meta package for new kernel ABI
kernel-latest-2.6-amd64 Meta package for new kernel ABI
kernel-latest-2.6-hppa Meta package for new kernel ABI
kernel-latest-2.6-i386 Meta package for new kernel ABI
kernel-latest-2.6-sparc Meta package for new kernel ABI
kernel-latest-2.6-powerpc Meta package for new kernel ABI
kernel-source-2.6.8 Several fixes and driver updates
kexi Bring architectures back in sync
kimdaba Bring architectures back in sync
leafpad Bring architectures back in sync
libdbd-sqlite2-perl Bring architectures back in sync
libgconf-java Bring architectures back in sync
libglade-java Bring architectures back in sync
libgnome-java Bring architectures back in sync
ocaml-http Bring architectures back in sync
octaviz Bring architectures back in sync
osspsa Bring architectures back in sync
paje.app Bring architectures back in sync
pasmo Bring architectures back in sync
plptools Bring architectures back in sync
pwlib Fix remote denial of service
python-biopython Bring architectures back in sync
realtimebattle Bring architectures back in sync
scalapack Bring architectures back in sync
skippy Bring architectures back in sync
swt-gtk Bring architectures back in sync
vgrabbj Bring architectures back in sync
visitors Bring architectures back in sync
wesnoth Fix denial of service
ximian-connector Bring architectures back in sync
xwine Bring architectures back in sync
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates.
Advisory ID Package Correction(s)
DSA 1267 webcalendar Remote file inclusion
DSA 1282 php4 Several vulnerabilities
DSA 1284 qemu Several vulnerabilities
DSA 1287 ldap-account-manager Several vulnerabilities
DSA 1290 squirrelmail Cross-site scripting
DSA 1291 samba Several vulnerabilities
DSA 1293 quagga Denial of service
DSA 1294 rdesktop Several vulnerabilities
DSA 1294 xfree86 Several vulnerabilities
DSA 1307 openoffice.org Arbitrary code execution
DSA 1310 libexif Arbitrary code execution
DSA 1311 postgresql Privilege escalation
DSA 1312 libapache-mod-jk Information disclosure
DSA 1323 krb5 Several vulnerabilities
DSA 1325 evolution Several vulnerabilities
DSA 1326 fireflier Unsafe temporary files
DSA 1329 gfax Privilege escalation
DSA 1331 php4 Arbitrary code execution
DSA 1332 vlc Arbitrary code execution
DSA 1334 freetype Arbitrary code execution
DSA 1335 gimp Arbitrary code execution
DSA 1336 mozilla-firefox Several vulnerabilities
DSA 1342 bind9 DNS cache poisoning
DSA 1343 file Arbitrary code execution
DSA 1347 xpdf Arbitrary code execution
DSA 1349 libextractor Arbitrary code execution
DSA 1350 tetex-bin Arbitrary code execution
DSA 1351 bochs Privilege escalation
DSA 1352 pdfkit.framework Arbitrary code execution
DSA 1353 tcpdump Arbitrary code execution
DSA 1354 gpdf Arbitrary code execution
DSA 1358 asterisk Several vulnerabilitie
DSA 1364 vim Several vulnerabilites
DSA 1421 wesnoth Arbitrary file disclosure
DSA 1426 qt-x11-free Several vulnerabilities
DSA 1427 samba Arbitrary code execution
DSA 1433 centericq Arbitrary code execution
DSA 1435 clamav Several vulnerabilities
The complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:
URLs
----
The complete lists of packages that have changed with this revision:
The current oldstable distribution:
Proposed updates to the oldstable distribution:
Oldstable distribution information (release notes, errata etc.):
Security announcements and information:
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free operating systems Debian GNU/Linux.
Contact Information
-------------------
For further information, please visit the Debian web pages at
, send mail to , or
contact the stable release team at .
--
Debian GNU/Linux 3.1 updated
------------------------------------------------------------------------
The Debian Project http://www.debian.org/
Debian GNU/Linux 3.1 updated
April 13th, 2008 http://www.debian.org/News/2008/20080413
------------------------------------------------------------------------
Debian GNU/Linux 3.1 updated
The Debian project is pleased to announce the eighth and final update of
its old stable distribution Debian GNU/Linux 3.1 (codename `sarge').
This update mainly adds corrections for security problems to the
oldstable release, along with a few adjustments to serious problems.
Please note that this update does not constitute a new version of Debian
GNU/Linux 3.1 but only updates some of the packages included. There is
no need to throw away 3.1 CDs or DVDs but only to update against
ftp.debian.org after an installation, in order to incorporate those late
changes.
Those who frequently install updates from security.debian.org won't have
to update many packages and all updates from security.debian.org are
included in this update.
New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively
will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the
`aptitude' (or `apt') package tool (see the sources.list(5) manual page)
to one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:
Miscellaneous Bugfixes
----------------------
This update adds several binary-only updates for various architectures
to packages whose version was not synchronised across all architectures.
It also adds a few important corrections to the following packages:
Package Reason
unrar-nonfree Fix a buffer overflow (CVE-2007-0855)
wesnoth Bring architectures back in sync
pwlib Bring architectures back in sync
sing Fix privilege escalation
alsa-modules-i386 Built against the fixed 2.6 ABI
fai-kernels Built against the fixed 2.6 ABI
Please note that updated packages for alsa-modules-i386 and fai-kernels
for the 2.4 Kernel-Series are available via security.debian.org but
could not be added to this upgrade to prevent the Debian Installer for
Sarge breaking as a result of the ABI change in that kernel update.
Security Updates
----------------
This revision adds the following security updates to the old stable
release. The Security Team has already released an advisory for each of
these updates:
Advisory ID Package Correction(s)
DSA 1438 tar Fix several vulnerabilities
DSA 1445 maradns Fix denial of service vulnerability
DSA 1446 ethereal Fix denial of service vulnerability
DSA 1448 eggdrop Fix execution of arbitrary code
DSA 1449 loop-aes-utils Fix programming error
DSA 1450 util-linux Fix programming error
DSA 1452 wzdftpd Fix denial of service vulnerability
DSA 1458 openafs Fix denial of service vulnerability
DSA 1459 gforge Fix SQL injection
DSA 1461 libxml2 Fix denial of service vulnerability
DSA 1463 postgresql Fix several vulnerabilities
DSA 1466 xfree86 Fix several vulnerabilities
DSA 1467 mantis Fix several vulnerabilities
DSA 1469 flac Fix arbitrary code execution
DSA 1471 libvorbis Fix several vulnerabilities
DSA 1472 xine-lib Fix arbitrary code execution
DSA 1473 scponly Fix arbitrary code execution
DSA 1482 squid Fix denial of service vulnerability
DSA 1487 libexif Fix several vulnerabilities
DSA 1488 phpbb Fix several vulnerabilities
DSA 1490 tk8.3 Fix arbitrary code execution
DSA 1491 tk8.4 Fix arbitrary code execution
DSA 1493 sdl-image1.2 Fix arbitrary code execution
DSA 1495 nagios-plugins Fix several vulnerabilities
DSA 1499 pcre3 Fix arbitrary code execution
DSA 1504 kernel-source-2.6.8 Fix several issues
DSA 1505 alsa-driver Fix kernel memory leak
DSA 1507 turba2 Fix permission testing
DSA 1508 sword Fix arbirary shell command execution
DSA 1510 gs-esp Fix arbitrary code execution
DSA 1510 gs-gpl Fix arbitrary code execution
DSA 1512 evolution Fix arbitrary code execution
DSA 1515 libnet-dns-perl Fix several vulnerabilities
DSA 1518 backup-manager Fix information disclosure
DSA 1519 horde3 Fix information disclosure
DSA 1520 smarty Fix arbitrary code execution
DSA 1522 unzip Fix potential code execution
DSA 1524 krb5 Fix multiple vulnerabilities
DSA 1527 debian-goodies Fix privilege escalation
DSA 1533 exiftags Fix several vulnerabilities
DSA 1536 xine-lib Fix several vulnerabilities
A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:
Removed packages
----------------
Flashplugin-nonfree has been removed, as this is closed source and we
don't get security support for it. For security reasons, we recommend
to immediately remove any version of flashplugin-nonfree and any
remaining files of the Adobe Flash Player.
Flyspray has been removed since it has proven to be to buggy and not
well enough supported for a stable release.
URLs
----
The complete lists of packages that have changed with this revision:
The current oldstable distribution:
Proposed updates to the oldstable distribution:
Oldstable distribution information (release notes, errata etc.):
Security announcements and information:
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free operating systems Debian GNU/Linux.
Contact Information
-------------------
For further information, please visit the Debian web pages at
, send mail to , or
contact the stable release team at .
--